(57) Abstract: A communications network and method enable broadband service subscribers to dynamically select broadband service destinations they wish to access from subscriber customer premises equipment. The communications network is an ATM network including a plurality of ATM switches (10). The network also includes at least one directory server connected to the ATM network (14), at least one fiber terminating device connected to the at least one directory server, and at least one broadband destination connected to the ATM network. Furthermore, the subscribers' customer premise equipment (2a) is connected to the at least one fiber terminating device. The method includes receiving a session request, which identifies a destination, in the at least one service gateway (4), wherein the session request is transmitted over a broadband connection using an Internet protocol. Next, using the at least one service gateway, an ATM network address of the destination from the at least one directory server is retrieved. Then an SVC is launched over the ATM network from the at least one service gateway to connect the subscriber to the ATM network address. Finally, the subsequent packets are forwarded to the destination over the ATM SVC connection.

VIRTUAL PRIVATE NETWORK OVER ASYNCHRONOUS TRANSFER MODE

The present application expressly incorporates
of U.S. Application No. 09/907,606, entitled "Virtual Private Networking Over Asynchronous Transfer Mode", filed July 19, 2001.

BACKGROUND OF THE INVENTION

1. Field of the Invention

[0001] The present invention relates to a data communications network. In particular, the present invention discloses a technique for utilizing ATM SVCs (Asynchronous Transfer Mode Switched Virtual Circuits) to enable broadband service subscribers to dynamically choose the broadband destinations they wish to access in a manner that does not cause undue administrative overhead to the network carrier or broadband destination provider.

2. Acronyms

[0002] The written description provided herein contains acronyms
telecommunications services, components and techniques, as well as features relating to the present invention. Although some of these acronyms are known, use of these acronyms is not strictly standardized in the art. For purposes of the written description herein, the acronyms are defined as follows:

ADSL Transmission Unit-Remote (ATU-R)
Asynchronous Transfer Mode Switched Virtual Circuit (ATM SVC)
Customer Premises Equipment (CPE)
Internet Protocol (IP)
Internet Service Provider (ISP)
Local Area Network (LAN)
Layer 2 Tunneling Protocol (L2TP)
Lightweight Directory Access Protocol (LDAP)
Multi-Protocol Label Switching (MPLS)
Network Selection Access Point (NSAP)
Peripheral Component Interface (PCI)

WO 03/009528 PCT/US02/19819

Point-to-Point Protocol (PPP)
PPP Tunnel Aggregation (PTA)
Plain Old Telephone Service (POTS)
Permanent Virtual Circuit (PVC)
Switched Virtual Circuit (SVC)
Transmission Control Protocol/Internet Protocol (TCP/IP)
Service Selection Gateway (SSG)
Universal Serial Bus (USB)
Virtual Private Network Over Asynchronous Transfer Mode (VPNoATM)

3. Discussion of Background Information

[0003] Many network carriers are providing broadband access services to large numbers of subscribers using xDSL, cable modem, and other approaches. Currently, subscribers are typically connected to a single data service provider, usually an ISP, at service subscription time using a point-to-point or "nailed up" connection. Changing the destination accessed by the subscriber can only be done with administrative action on the part of the carrier.
[0004] However, network carriers are now beginning to deploy broadband service "gateways" to which broadband subscribers will be connected. These gateways are able to interpret data sent from the subscriber's terminal to the network and dynamically connect the subscriber to their desired destination. This enables a subscriber to, for example, connect to their ISP for a session, and then switch to their employer's corporate LAN so that the subscriber may work from home.

[0005] An example of the aforementioned technology is disclosed in U.S. Patent No. 6,141,339, which provides a communications network that includes broadband networks and a service node to facilitate communications services for an end-user. In particular, the network has the ability to implement ATM SVCs. Furthermore, the network converts POTS traffic to ATM traffic at the residence.

[0006] However, U.S. Patent No. 6,141,339 has a major disadvantage in that it requires one connection for each destination. In other words, multiplexing or aggregation does not occur. As a result, the network is quickly overburdened with many connections. Furthermore, the network becomes very difficult to administer.

[0007] Another example of the aforementioned technology is provided in the reference entitled "Cisco Asymmetric Digital Subscriber Line Services Architecture" (referred to as "White Paper"). In particular, the White Paper technology recognizes the advantages of aggregation by utilizing a variety of approaches.

[0008] Similar to the approach described in U.S. Patent No. 6,141,339, the White Paper describes schemes that rely upon static or "nailed-up" connections to each of the possible destinations a subscriber might wish to access. If the destinations only include service providers such as ISPs and video-on-demand providers, static connections are not a big problem. When enterprise data networks are added as possible destinations, however, each gateway must be connected to each destination, so the number of connections required is combinatory. In a large metro area with just a couple of dozen gateways but thousands of corporations wishing to give their employees broadband access to their networks from home, the number of connections can grow into the hundreds of thousands. Maintaining these connections as enterprises are added and removed requires significant administrative effort on the part of the carrier.
[0009] The White Paper also discloses an approach that utilizes SVCs from CPE (customer premises equipment) to the edge of the network. In this scheme, the core of the network implements transmission of data utilizing the well-known Internet Protocol (IP) and a new standard, Multi-Protocol Label Switching (MPLS). MPLS is currently an evolving Internet Engineering Task Force (IETF) standard that has not been widely deployed. Furthermore, the use of MPLS does not leverage the currently provisioned ATM networks. In addition, by launching SVCs from the CPE, the subscriber at the CPE is required to interact with a technology that many people are not familiar with.

BRIEF DESCRIPTION OF THE DRAWINGS 
[0010] The present invention is further described in the detailed description which follows, with reference to the noted plurality of drawings by way of non-limiting examples of exemplary embodiments of the present invention, in which like reference numerals represent similar parts throughout the several views of the drawings, and wherein:

[0011] Figure 1 is a system architecture diagram of an embodiment of the present invention which illustrates the virtual private network over asynchronous transfer mode (VPNoATM) architecture with a stand-alone gateway according to an aspect of the present invention;

[0012] Figure 2 is a system architecture diagram which illustrates a second embodiment of the invention including an integrated access multiplexer and broadband service gateway according to an aspect of the present invention;

[0013] Figure 3 is a table which depicts an example of entries provided in the directory server according to an aspect of the present invention;

[0014] Figure 4 is a flow diagram showing the process of establishing a virtual private network over asynchronous transfer mode (VPNoATM) according to an aspect of the present invention;

[0015] Figure 5 is a flow diagram showing the process of establishing multiple sessions according to an aspect of the present invention;

[0016] Figure 6 is a flow diagram showing the process of establishing connection sharing;

[0017] Figure 7 is a flow diagram showing the process of terminating connections according to an aspect of the present invention;

[0018] Figure 8 is a call flow diagram showing the process of establishing a virtual private network over asynchronous transfer mode (VPNoATM) according to an aspect of the present invention.

DETAILED DESCRIPTION OF AN EMBODIMENT 
[0019] The particulars shown herein are by way of example and for purposes of illustrative discussion of the embodiments of the present invention only and are presented in the cause of providing what is believed to be the most useful and readily understood description of the principles and conceptual aspects of the present invention. In this regard, no attempt is made to show structural details of the present invention in more detail than is necessary for the fundamental understanding of the present invention, the description taken with the drawings making apparent to those skilled in the art how the several forms of the present invention may be embodied in practice.

[0020] The present invention removes the aforementioned disadvantages by enabling the broadband service gateway to dynamically establish a connection to the destination only when a connection is required while utilizing the presently existing ATM networks. Rather than relying upon "permanent" connections between the gateway and the destinations, "switched" connections are established using the SVC capabilities of ATM equipment. Because the gateway automatically establishes these connections when required and fewer connections are thus in place, the administrative burden of maintaining these connections is removed. However, the ability of the subscriber to dynamically choose destination is retained. Also, the way in which the subscriber communicates with the network does not change.
[0021] Furthermore, an advantage of
utilize mainstream IP Point-to-Point Tunneling Protocol (PPP) on the edge of the communications network (i.e., at the CPE) and utilize existing ATM networks in the core of the communications network. An aspect of the present invention includes expanding the capabilities of broadband service gateways to utilize a directory server and the SVC capabilities of the ATM switches in the manner described herewith.

[0022] Another advantage of the present invention is that it removes the administrative overhead of maintaining a static connection from each gateway to each possible destination by providing a method for dynamically establishing a connection to a destination only when one is required. The subscriber continues to access the network and request sessions just as before, using PPP protocol or a protocol with similar capabilities. Also, the subscriber may continue to specify a requested destination by specifying a structured user name, as before.
[0023] In particular, the domain name supplied by the subscriber is received by the gateway and mapped to an ATM network address with the use of a directory server. If the gateway does not have an existing connection to that destination, the gateway creates a connection by launching an ATM SVC to the destination using the ATM network address retrieved from the directory server. If multiple subscribers on the same gateway seek to access the same destination, their sessions can be multiplexed onto a single switched connection using L2TP
other connection-sharing approach. The connection is maintained for as long as any subscriber is using it, and then can even be maintained for some additional period of time in case someone else requires it to reduce the amount of connection setup and tear down processing.
[0024] Eventually, though, inactive connections are torn down to conserve network resources. So, rather than maintaining a combinatory number of connections between the gateways and destinations, the carrier need only to provide an entry in a directory server that enables each domain name to be mapped to an ATM network address. When a new gateway is added, it need only be set up to access the directory server, where the gateway will find entries for each of the destinations the gateway will have to contact. In addition to ATM network addresses, service-related information can be stored in the directory server.
[0025] According to an aspect of the present invention, a method for enabling broadband service subscribers to dynamically access, from subscriber customer premises equipment, broadband service destinations via an ATM network is provided. The ATM network includes a plurality of ATM switches, the customer premises equipment being connected to at least one service gateway via at least one fiber terminating device, and the at least one service gateway being connected to at least one directory server. The method includes receiving a session request, which identifies a selected one of the broadband destinations, in the at least one service gateway, wherein the session request is transmitted over a broadband connection using an internet protocol; retrieving, using the at least one service gateway, an ATM network address of the selected broadband destination from the at least one directory server; launching an SVC over the ATM network from the at least one service gateway to connect the subscriber to the ATM network address; and forwarding the session request and subsequent packets to the selected destination to establish a session over the

[0026] According to another aspect of the present invention, when the subscriber terminates the session, the at least one service gateway tears down the ATM SVC connection. In yet another aspect of the present invention, the at least one service gateway retains the ATM SVC connection for a predetermined period of time before the ATM SVC connection is torn down.

[0027] In another aspect of the present invention, the method further includes concurrently establishing multiple sessions for one subscriber using a plurality of ATM SVC connections mapped to a plurality of different destinations. According to a further aspect of the present invention, the method further includes sharing the ATM SVC connection with a plurality of subscribers such that each subscriber has a session established to the same destination.

[0028] In another aspect of the present invention, connection sharing is established by multiplexing each of the plurality of subscribers' sessions onto a single SVC connection using one of Layer 2 Tunneling Protocol and PPP Tunnel Aggregation. According to still a further aspect of the present invention, the at least one directory server is provided with a table which correlates ATM network addresses with domain names.

[0029] Other aspects of the present invention include a table which further includes a connection sharing protocol for each domain name. Further aspects of the present invention include wherein the table further indicates whether the session is exclusive for each domain name. According to other aspects of the present invention, the table further includes whether caller I.D., for security purposes, is provided when sessions are established to the destination identified by the domain name.

[0030] According to another aspect of the present invention, the retrieving further includes querying the at least one directory server with a domain name, and receiving back the respective ATM network address, connection sharing protocol, data on whether the session is exclusive, and whether caller I.D. for security purposes is provided, for the domain name which has been queried.

[0031] According to still a further aspect of the present invention, the at least one service gateway is provided with a database which is updated each time a subscriber logs in and logs out, to internally track existing ATM SVC connections. According to another aspect of the present invention, the at least one service gateway comprises a plurality of service gateways located in different geographical regions.

[0032] In yet another aspect of the invention, the plurality of service gateways access different directory servers which are loaded with ATM network addresses for different geographical regions, thus preventing service gateways in one region from launching ATM SVCs to destinations in other regions. In another aspect of the present invention, the at least one fiber terminating device and the at least one broadband service gateway are integrated into one unit. According to still a further aspect of the present invention, the at least one fiber terminating device comprises one of a multiplexer and a cable television head-end.

[0033] Other aspects of the present invention include establishing a permanent virtual connection between the subscriber customer premise equipment and the at least one service gateway. According to other aspects of the present invention, the Internet protocol is point-to-point protocol (PPP).

[0034] According to another aspect of the present invention, a data communications network for enabling a broadband service subscriber to dynamically select at least one broadband service destination from subscriber customer premises equipment is provided. The communications network includes an ATM network including a plurality of ATM switches; at least one fiber terminating device; at least one directory server; and at least one broadband service gateway connected to the ATM network, the at least one fiber terminating device, and the at least one directory server. The at least one service gateway receives Internet protocol packets, associated with a session request and transmitted from the customer premises equipment, via the at least one fiber terminating device; the at least one service gateway then launches an ATM SVC connection over the ATM network to connect the subscriber to the at least one broadband service destination in response to the session request from the customer premises equipment.
[0035] According to another aspect of the present invention, p^
is used to transmit data from the customer's premise equipment to the at least one service gateway. In yet another aspect of the invention, a permanent virtual connection between the customer premises equipment and the at least one service gateway. In another aspect of the present invention, the at least one service gateway comprises a plurality of gateways located in different geographical regions.

[0036] According to still further aspects of the present invention, the plurality of gateways access different directory servers which are loaded with ATM network addresses appropriate for each different geographical region, preventing gateways in one region from launching ATM SVCs to destinations in another region. Other aspects include a permanent virtual connection established between the at least one service gateway and the at least one directory server.

[0037] According to a further aspect of the present invention, the at least one fiber terminating device and the at least one broadband service gateway are integrated into one unit. In yet another aspect of the present invention, the at least one service gateway is provided with a database which internally tracks existing ATM SVC connections.

[0038] Additionally, other aspects of the present invention include concurrently established multiple sessions for the subscriber using a plurality of ATM SVC connections mapped to a plurality of different destinations. In another aspect of the present invention, a single ATM SVC connection is shared with a plurality of subscribers such that each subscriber has a unique session established to the same destination.

[0039] According to still a further aspect of the present invention, connection sharing includes multiplexing each session into a single SVC connection using one of Layer 2 Tunneling Protocol and PPP Tunnel Aggregation. Further aspects of this present invention include the at least one directory server with a table which correlates ATM network addresses with domain names. Further aspects of the invention include a connection sharing protocol for each domain name in the table.

[0040] Other aspects include wherein the table indicates whether the session is exclusive for each domain name. According to a further aspect of the present invention, the at least one broadband service gateway queries the at least one directory server with a domain name, and the at least one service gateway receives back a respective ATM network address, and connection sharing protocol data indicating whether the session is exclusive, for that respective domain name. According to a still further aspect of the present invention, the at least one fiber terminating device comprises one of a multiplexer and cable television head-end.
[0041] According to still a further aspect of the present invention, a computer readable medium storing a computer program that enables broadband service subscribers to dynamically access, from subscriber customer premises equipment, broadband service destinations via an ATM network comprising a plurality of ATM switches, the customer premises equipment being connected to at least one service gateway via at least one fiber terminating device, the at least one service gateway being connected to at least one directory server. The computer readable medium includes a source code segment that receives a session request, which identifies a selected one of the broadband destinations, in the at least one service gateway, wherein the session request is transmitted over a broadband connection using an Internet protocol; a source code segment that retrieves, using the at least one service gateway, an ATM network address of the selected broadband destination from the at least one directory server; a source code segment that launches an SVC over the ATM network from the at least one service gateway to connect the subscriber to the ATM network address; and a source code segment that forwards the session request and subsequent packets to the selected destination to establish a session over the ATM SVC connection.

[0042] Other exemplary embodiments and advantages of the present invention may be 

ascertained by reviewing the present disclosure and the accompanying drawings. 

1. System Overview
a. System Components 

[0043] Figure 1 illustrates a first embodiment of the present invention. Broadband service subscribers 2a-c providing their own customer premises equipment (CPE), such as computers, are connected to an access multiplexer 4 in their neighborhood with high-speed access lines 6, such as xDSL. For sake of explanation, ADSL will be used throughout the remainder of the specification; however, the present invention is not limited to use of ADSL.

[0044] An ADSL modem (not shown), which utilizes Ethernet protocol or any other acceptable protocol, is utilized as an interface between the subscriber's CPE 2a-c and the ADSL access line. For instance, a customer's computer can be connected to the ADSL modem via an Ethernet cable, though USB versions of modems may also be used. The subscribers can provide their own ADSL modem, but typically the carrier provides an ADSL modem.
[0045] The access multiplexer 4 is connected to an ATM backbone network 8, including one or more ATM switches 10 that support both permanent virtual circuits (PVCs) and switched virtual circuits (SVCs). Also connected to the ATM network 8 are one or more broadband service gateways 12, one or more directory servers 14, and broadband service providers 16a-c, such as ISPs, video-on-demand providers, and enterprise data networks. The broadband service providers 16a-c terminate their connections to the ATM network 8 with an IP router or perhaps a broadband service gateway of their own (not shown). Gateways 12 in different geographical areas will access different directory servers 14 which are loaded with ATM network addresses appropriate for that area. This prevents gateways 12 in one city from launching SVCs to destinations in another city.

[0046] While the carrier's broadband service gateway 4 is shown in Figure 1 as a separate piece of equipment, it can be integrated with either the access multiplexer 12 or the ATM switches 10. Figure 2 illustrates a second embodiment of the present invention in which the access multiplexer 4 and broadband service gateway 12 are integrated together.
[0047] Broadband access multiplexers 4, such as the Alcatel ASAM 1000 and ASAM 7300, and ATM switches 10, such as the Alcatel 7670, Lucent GX 500 and CBX 550, capable of supporting both PVCs and SVCs are widely available. Broadband service gateways 12, such as the Nortel BSN-5000, are also available. Finally, IP routers capable of terminating ATM SVCs, such as the Cisco 3600, 6400, 7200 and 7500, are also currently available.
[0048] Directory servers 14, such as those using the Lightweight Directory Access Protocol (LDAP) and software capable of being run on a general-purpose computer, are also commonly available. LDAP is a likely choice for implementation of the directory look-up function, but others could also be used. Gateway 12 will receive back the information stored in directory server 14 that is associated with the specified domain name.

b. Addition of Components to the Network and Dedicated PVCs

[0049] Establishing service for each new subscriber requires provisioning a broadband access line 6. It also entails creating a permanent virtual connection (PVC) 18 from CPE 2a-c to broadband service gateway 12 for each subscriber. The ADSL modem on each subscriber's premises will then take the data traffic from the subscriber, insert it into ATM cells, and send the ATM cells across the PVC established for that subscriber to service gateway 12. It will also perform the opposite for data coming back from service gateway 12.
[0050] To add a new broadband service gateway 12 to the communications network, gateway 12 must be connected to ATM network 8 and provisioned with ATM SVC capabilities. Then, gateway 12 may be loaded with data it needs to access directory server 14 for the purpose of resolving domain names. It should be noted that for inter-component communications, broadband service gateway 12 is also connected to directory server 14 over a PVC connection 22. Alternatively, the connection between gateway 12 and directory server 14 may be an Ethernet connection or the like.

[0051] To add a new destination 16a-c, the destination subscribes to the service with the carrier and is provisioned with an ATM access line 7 (from Figures 1 and 2) capable of supporting SVCs. As part of this process, an ATM network address will be assigned to the destination. The destination 16a-c also provides the carrier with a domain name that the destination wishes to have associated with it, and the domain name will be matched to the assigned ATM network address. Also, a database in directory server 14 will be updated. The directory server database will be described in further detail in the following section. Other service parameters negotiated with the destination can be included and will also be discussed later in the specification.

[0052] One advantage of integrating gateway 12 into the access multiplexer 4 (from Figure 2) is that the proximity between gateway 12 and multiplexer 4 greatly simplifies establishing the dedicated PVC communications link 18 required between both components. In other words, a portion of the dedicated PVC 18 between multiplexer 4 and gateway 12 is eliminated. As a result, for each subscriber 2a-c the required PVC connection 18 is greatly simplified and can be replaced with internal connections within the integrated multiplexer 4 and gateway 12.

c. Directory Server Database, Gateway Database & Other Features

[0053] Each directory server 14 is provided with a database storing a table, an example of which is illustrated in Figure 3. The database is loaded with a variety of mapping information such as the destination domain name of each ISP or enterprise, an ATM network address for each destination domain name, and information for other service related features, such as "Connection Sharing" and "Exclusive Sessions". For example, a multiplexing scheme to be used to multiplex multiple subscriber sessions to ATM SVC connection 20 (from Figures 1 and 2) can be included, as well as an indication that multiplexing is not supported. These features will be discussed in greater detail later in the specification.

[0054] It is noted that the information in directory server 14's database is somewhat static and not subject to frequent change. Nevertheless, the data in directory server 14's database will be updated when gateway 12 or destination 16a-c is added or dropped from the communications network. In particular, the service carrier will create a new row in the database within directory server 14. This row may include the domain name as the key, the ATM network address assigned to the destination, and whether connection sharing, exclusive sessions, and other features are allowed.

[0055] Gateway 12 is also provided with its own database, which internally tracks ATM SVC connections already in place, to assist in tracking how many users are on an established ATM SVC connection 20. Tracking is accomplished by updating the database in gateway 12 each time a user logs in and out. As compared to the database in directory server 14 which is considered somewhat static, the database in gateway 12 tracks real-time session activity, which is inherently more dynamic.

[0056] Another feature can be provided wherein gateway 12 forwards to ISP or enterprise 16a-c information about the subscriber. Thus, information can be provided as a security feature which functions similar to caller ID (see Figure 3). This feature is particularly suited for providing information to ISPs or enterprises to prevent unwanted logins from unauthorized users. For example, ADSL line numbers could be forwarded to destination 16a-c and the destinations could determine whether or not a current incoming call matches the authorized ADSL line. This feature is disclosed in further detail in U.S. Application, entitled "Method and System for Broadband Network Access", filed on April 27, 2001 by Allen et al., the disclosure of which is expressly incorporated by reference herein in its entirety.

2. System Operation 

[0057] Figures 4-7 are flow diagrams which illustrate an exemplary manner in which the virtual private network over asynchronous transfer mode (VPNoATM) functions.

a. Establishing an ATM SVC Connection 

[0058] Figure 4 is a flow diagram showing [...] SVC connection 20 (from Figures 1 and 2)
according to an aspect of the present invention. To request a session, subscriber 2a-c will
initially supply destination information required by gateway 12 at s3. In other words, the
subscriber sends in a request to talk to destination 16a-c, such as "ISP1.com". Subscriber 2a-c
can use a Point-to-Point Protocol (PPP) or a similar protocol to establish sessions with desired
destinations 16a-c. The PPP protocol datagrams are then carried over broadband access
connection 6 through access multiplexer 4 to gateway 12 at s5.

[0059] To assist subscriber 2a-c, a selection menu or GUI may be provided for the
subscriber to select service provider or destination 16a-c. Various embodiments for the selection
menu are available. For instance, an icon may be provided, which upon selection, requests
subscriber 2a-c to input a destination address (e.g., "ISP1.com"). At this time, a user ID and
password may also be requested. Or the selection menu can be as basic as an icon representative
of the actual service provider 16a-c with default parameters already previously defined.

[0060] At s5, when gateway 12 receives the request to establish [...] 2a-c, gateway 12
will then send a query to directory server 14, using a domain name, such as "ISP1.com" as a
key into the directory server's database at s7. In response to the query from gateway 12,
directory server 14 sends the ATM network address or Network Selection Access Point (NSAP)
affiliated with the destination domain name from the request to gateway 12 at s7.

[0061] Figure 3 shows an example of the data in the database located in directory server
14 that can be retrieved by gateway 12. In the case of a PPP session, the destination may be
included in a structured user name supplied by the subscriber, such as "user1@ISP1.com".
Gateway 12 then maps the destination according to the retrieved ATM network address or NSAP.
In particular, the domain part of this name, "ISP1.com", is mapped to the appropriate ATM
network address.

[0062] Next at s9, gateway 12 launches SVC 20 over ATM network 8 to connect
subscriber 2a-c with destination 16a-c. Once the connection is established, the PPP session
request and all subsequent packets will be forwarded to destination 16a-c at s11. The database
in gateway 12 also associates the subscriber's new session with the aforementioned ATM SVC
connection for internal tracking purposes.

b. Terminating the ATM SVC Connection

[0063] An exemplary process for terminating ATM SVC connection 20 is shown in
Figure 7. When subscriber 2a-c is finished with the session, subscriber 2a-c can log off or
disconnect from the communications network at s37. At s39, gateway 12 is notified that the
subscriber has logged off. For one embodiment of the present invention (not shown), gateway
12 will then immediately disconnect the session. At this point, ATM SVC 20 is torn down, and
the system returns to an original state. Note that s41-s43, depicted in Figure 7, reflect another
embodiment of the present invention, which will be explained in further detail below.

c. Multiple Session Feature

[0064] It is noted that multiple sessions may be supported by the present invention. For
instance, gateway 12 can be configured to provide a plurality of connections for an individual
subscriber to a plurality of destinations 16a-c. Thus, for example, it is possible for a subscriber
to establish a session with their employer's network, while concurrently having a session
established with an ISP.

[0065] Multiple sessions are transmitted over ADSL connection 6 (from Figures 1 and
2), using point-to-point protocol (PPP) for data transmission. The data is transmitted through the
PVC established for each subscriber to service gateway 12. In particular, the ADSL modem
receives Ethernet frames from the CPE and inserts them into a single stream of cells, i.e., PVC
18. Each PPP frame has a session identifier that associates the contents of the frame with a
session. Thus, the frames can be sorted and reassembled according to the session identifier. The
data is then transmitted over PVC 18, using PPP, to gateway 12. Next, gateway 12 receives the
data, reassembles [...] identifier.

[0066] An "Exclusive Session" feature may also be provided in conjunction with the
multiple sessions feature. For example, some destinations 16a-c might want the subscriber's
session to the destination to be the only session active from the subscriber. The "Exclusive
Session" feature is particularly suited for computer network security. A security-conscious
enterprise might desire this feature to prevent unintended access to their network through the
subscriber's CPE 2a-c. In particular, this feature acts to inhibit multiple sessions if desired, since
many enterprises with corporate LANs prefer not to allow their home based users to have more
than one connection up at a time.

[0067] The "Exclusive Session" feature operates as follows: Gateway 12 will query
directory server 14 to determine if either the existing session or the newly requested session are
to destinations that only accept exclusive sessions. If either the existing session or the newly
requested session is to a destination that only accepts exclusive sessions, gateway 12 will not
allow the newly requested session to be established.

[0068] An exemplary process for the establishment [...] Figure 5. Once a connection is
established, for instance to "user1@ISP1.com", gateway 12 transfers data from first subscriber
2a, that is identified as part of first subscriber's session (through the PPP session ID or similar
identifier), to "ISP1.com", and vice-versa.

[0069] At s15, if it is determined that subscriber 2a requests a session to a second
destination (by using, for example "user1@ISP2.com"), gateway 12 will perform a query to
directory server 14 at s17 to determine whether the existing or newly requested session is to a
destination that accepts only exclusive sessions. If neither session is to a destination that accepts
only exclusive sessions, gateway 12 will perform a query for the second destination name and will
establish a new ATM SVC connection to the second destination [...]

[0070] If at s17, either session is to be a destination designated as an "Exclusive Session",
the subscriber's request is denied at s21. For instance, if the subscriber is connected to
"Enterprise.com" (from Figure 3), that subscriber would only be able to have a session to
"Enterprise.com", and would not be allowed to establish a second session anywhere else, since
the destination "Enterprise.com" has been designated as accepting only exclusive sessions.

WO 03/009528 PCT/US02/19819

d. Connection Sharing Feature

[0071] Another feature of the present invention is connection sharing. An exemplary
process for sharing a connection is illustrated in Figure 6. In this example, the ATM SVC from
service gateway 12 to the "ISP1.com" connection (from Figure 3), can [...] subscribers 2a-2c.
For instance, at s23 another subscriber 2b-c on the same gateway might also request a
connection to the same destination by submitting the structured username "user2@ISP1.com".

[0072] At s25, before launching an ATM SVC connection 20, gateway 12 will check its
own internal database to see if an ATM SVC connection 20 has already been established to that
destination. If an ATM SVC has not already been established to that destination, gateway 12
establishes a new independent session for the second subscriber 2b-c at s27.

[0073] If there already has been an ATM SVC connection 20 established to the same
destination, then gateway 12 will query directory server 14 to determine whether connection
sharing is allowed, at s29. If connection sharing is allowed, gateway 12 connects [...]
subscriber 2b-c to the first subscriber's 2a already established ATM SVC connection at s31.
Next, at s33, gateway 12 sends the PPP packets from the second subscriber 2b-c to the first
subscriber's destination. For example, in the case of "ISP1.com" (from Figure 3), the PPP
packets from the second subscriber 2b-c are transmitted to the same destination ("ISP1.com") as
well at s33. If it is determined at s29 that connection sharing is not allowed, the logic proceeds
to s27 and continues as described above.

[0074] Two common techniques used for connection sharing employ L2TP and PTA.
Both of these techniques are well known and, thus, will not be described here. Other
multiplexing techniques may also be used.

e. Retaining ATM SVC Connection Before Termination

[0075] When all of the sessions active on an SVC [...] ATM SVC 20 and the system
returns to the original state as previously stated. However, another feature of the present
invention is for gateway 12 to retain the ATM SVC connection 20 for a predetermined period of
time at s41 before it is torn down at s43, as illustrated in Figure 7. This feature is provided in
case either the disconnected subscriber or another subscriber wants access to the same ATM SVC
connection 20. Furthermore, this feature increases the overall operational efficiency of the
communications network. Eventually, though, all inactive ATM SVCs are torn down. This
conserves network resources, as only those connections that are ac[...] have to be carried by the
network.
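
The admission logic of paragraphs [0066]-[0075] (exclusive sessions, connection sharing, and retention before teardown) can be sketched as follows; this is an added Python example, not code from the specification. The class and field names, the use of a line identifier to tell subscribers apart, the placeholder ATM addresses, the per-destination flags and the 30-second retention period are assumptions, since Figure 3 and the predetermined period are not given in the text.

```python
import time
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class DirectoryRow:            # one row of the directory server 14 table
    atm_address: str           # placeholder string, not a real NSAP
    sharing: bool              # connection sharing allowed?
    exclusive: bool            # destination accepts only exclusive sessions?

# Constructed sample table; Figure 3 is not reproduced on this page.
DIRECTORY = {
    "isp1.com": DirectoryRow("atm-addr-placeholder-1", sharing=True, exclusive=False),
    "isp2.com": DirectoryRow("atm-addr-placeholder-2", sharing=False, exclusive=False),
    "enterprise.com": DirectoryRow("atm-addr-placeholder-3", sharing=False, exclusive=True),
}

@dataclass
class Svc:                     # one row of gateway 12's own session database
    svc_id: int
    domain: str
    users: set = field(default_factory=set)
    idle_since: Optional[float] = None   # set while retained with no users

class Gateway:
    def __init__(self, directory, hold_seconds=30.0, clock=time.monotonic):
        self.directory, self.hold, self.clock = directory, hold_seconds, clock
        self.svcs = {}
        self._next_id = 1

    def login(self, line_id, username):
        """Admit or deny a session request such as 'user1@ISP1.com'."""
        domain = username.rpartition("@")[2].lower()
        row = self.directory.get(domain)
        if row is None:
            return ("denied", "unknown destination")
        # s17/s21: deny if the new or any existing session is exclusive.
        mine = [s for s in self.svcs.values() if line_id in s.users]
        if mine and (row.exclusive or
                     any(self.directory[s.domain].exclusive for s in mine)):
            return ("denied", "exclusive session")
        # s25-s31: reuse an SVC to this destination if sharing is allowed,
        # or if it is only being retained (no users left on it).
        for svc in self.svcs.values():
            if svc.domain == domain and (row.sharing or not svc.users):
                svc.users.add(line_id)
                svc.idle_since = None
                return ("reused", svc.svc_id)
        # s27 / s9: launch a new, independent SVC.
        svc = Svc(self._next_id, domain, {line_id})
        self.svcs[svc.svc_id] = svc
        self._next_id += 1
        return ("new", svc.svc_id)

    def logout(self, line_id, svc_id):
        svc = self.svcs[svc_id]
        svc.users.discard(line_id)
        if not svc.users:
            svc.idle_since = self.clock()     # s41: start the retention period

    def reap(self):
        """s43: tear down SVCs idle for at least the retention period."""
        now = self.clock()
        dead = [i for i, s in self.svcs.items()
                if s.idle_since is not None and now - s.idle_since >= self.hold]
        for i in dead:
            del self.svcs[i]
        return dead
```

The exclusive-session check runs before any SVC is reused or launched, so a subscriber already connected to an exclusive destination cannot open a second path through the same CPE, which is the network-security purpose stated in [0066].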

f. Call Flow Diagram

[0076] Figure 8 is an exemplary call flow diagram between the
components of the communications network used to establish a virtual private network over
asynchronous transfer mode (VPNoATM), according to an aspect of the present invention.

[0077] At s300, to request a session, subscriber 2a-c will supply the destination
information needed by gateway 12, such as "ISP1.com". The session request is carried over
broadband access connection 6 through access multiplexer 4 to gateway 12. Gateway 12 receives
the request to establish the session from the subscriber 2a-c [...]. Then, at s606,
gateway 12 sends a query to the directory server 14, using the domain name as a key into the
directory server's database. At s700, directory server 14 sends the ATM network address
affiliated with the destination domain name from the request to gateway 12. Next, gateway 12
maps the destination according to the retrieved ATM network address. Gateway 12 then
establishes an ATM SVC 20 over the ATM network 8 to connect to destination 16a-c at s900.
Once the call is established, the PPP session request will be forwarded to destination 16a-c as
will all subsequent packets.

[0078] Although the invention has been described with reference to several exemplary
embodiments, it is understood that the words that have been used are words of description and
illustration, rather than words of limitation. Changes may be made within the purview of the
appended claims, as presently stated and as amended, without departing from the scope and spirit
of the invention in its aspects. Although the invention has been described with reference to
particular components, materials and embodiments, the invention is not intended to be limited
to the particulars disclosed; rather, the invention extends to all functionally equivalent structures,
methods and uses such as are within the scope of the appended claims.

[0079] In accordance with various embodiments of the present invention, the methods
described herein are intended for operation as software programs running on a computer
processor. Dedicated hardware implementations including, but not limited to, application specific
integrated circuits, programmable logic arrays and other hardware devices can likewise be
constructed to implement the methods described herein. Furthermore, alternative software
implementations including, but not limited to, distributed processing or component/object
distributed processing, parallel processing, or virtual machine processing can also be constructed
to implement the methods described herein.

[0080] It should also be noted that the software implementations of the present invention
as described herein are optionally stored on a tangible storage medium, such as: a magnetic
medium such as a disk or tape; a magneto-optical or optical medium such as a disk; or a solid
state medium such as a memory card or other package that houses one or more read-only (non-
volatile) memories, random access memories, or other re-writable (volatile) memories. A digital
file attachment to E-mail or other self-contained information archive or set of archives is
considered a distribution medium equivalent to a tangible storage medium. Accordingly, the
invention is considered to include a tangible storage medium or distribution medium, as listed
herein and including art-recognized equivalents and successor media, in which the software
implementations herein are stored.

[0081] Although the present specification describes components and functions
implemented in the embodiments with reference to particular standards and protocols, the
invention is not limited to such standards and protocols. Each of the standards for Internet and
other packet switched network transmission (e.g., TCP/IP, UDP/IP, WML, SHTML, DHTML,
XML, PPP, SMTP, MIME), and public telephone networks (ISDN, ATM, ADSL) represent
examples of the state of the art. Such standards are periodically superseded by faster or more
efficient equivalents having essentially the same functions. Accordingly, replacement standards
and protocols having the same functions are considered equivalents.

WHAT IS CLAIMED:

1. A method for enabling broadband service subscribers to dynamically access, from
subscriber customer premises equipment, broadband service destinations via an ATM network
comprising a plurality of ATM switches, the customer premises equipment being connected to
at least one service gateway via at least one fiber terminating device, the at least one service
gateway being connected to at least one directory server, the method comprising:

receiving a session request, which identifies a selected one of the broadband destinations,
in the at least one service gateway, wherein the session request is transmitted over a broadband
connection using an Internet protocol;

retrieving, using the at least one service gateway, an ATM network address of the selected 
broadband destination from the at least one directory server; 

launching an SVC over the ATM network from the at least one service gateway to connect 
the subscriber to the ATM network address; and

forwarding the session request and subsequent packets to the selected destination to
establish a session over the ATM SVC connection. 

2. The method according to claim 1, wherein when the subscriber terminates the
session, the at least one service gateway tears down the ATM SVC connection.

3. The method according to claim 2, wherein the at least one service gateway retains
the ATM SVC connection for a predetermined period of time before the ATM SVC connection
is torn down.

4. The method according to claim 1, further comprising concurrently establishing
multiple sessions for one subscriber using a plurality of ATM SVC connections mapped to a
plurality of different destinations.

5. The method according to claim 1, further comprising sharing the ATM SVC
connection with a plurality of subscribers such that each subscriber has a session established to
the same destination.

6. The method according to claim 5, wherein connection sharing is established by
multiplexing each of the plurality of subscribers sessions onto a single SVC connection using one
of Layer 2 Tunneling Protocol and PPP Tunnel Aggregation.

7. The method according to claim 1, wherein the at least one directory server is 
provided with a table which correlates ATM network addresses with domain names. 

8. The method according to claim 7, wherein the table further includes a connection
sharing protocol for each domain name.

9. The method according to claim 7, wherein the table further indicates whether the 
session is exclusive for each domain name. 

10. The method according to claim 7, wherein the table further includes whether caller
I.D., for security purposes, is provided when sessions are established to the destination identified
by the domain name.

11. The method according to claim 1, wherein the retrieving further comprises
querying the at least one directory server with a domain name, and receiving back the respective
ATM network address, connection sharing protocol, data on whether the session is exclusive, and
whether caller I.D. for security purposes is provided, for the domain name which has been
queried.

12. The method according to claim 1, wherein the at least one service gateway is
provided with a database which is updated each time a subscriber logs in and logs out, to
internally track existing ATM SVC connections.

13. The method according to claim 1, wherein the at least one service gateway
comprises a plurality of service gateways located in different geographical regions.

14. The method according to claim 13, wherein the plurality of service gateways
access different directory servers which are loaded with ATM network addresses for different
geographical regions, thus preventing service gateways in one region from launching ATM SVCs
to destinations in other regions.

15. The method according to claim 1, wherein the at least one fiber terminating device
and the at least one broadband service gateway are integrated into one unit.

16. The method according to claim 1, wherein the at least one fiber terminating device
comprises one of a multiplexer and a cable television head-end.

17. The method according to claim 1, further comprising [...]
virtual connection between the subscriber customer premise equipment and the at least one
service gateway.

18. The method according to claim 1, wherein the Internet protocol comprises
point-to-point protocol (PPP).

19. A data communications network for enabling a broadband service subscriber to
dynamically select at least one broadband service destination from subscriber customer premises
equipment, the communications network comprising:

an ATM network including a plurality of ATM switches;

at least one fiber terminating device;

at least one directory server; and

at least one broadband service gateway connected to the ATM network, the at least one
fiber terminating device, and the at least one directory server, the at least one service gateway
receiving Internet protocol packets, associated with a session request and transmitted from the
customer premises equipment, via the at least one fiber terminating device, the at least one service
gateway then launching an ATM SVC connection over the ATM network to connect the
subscriber to the at least one broadband service destination in response to the session request from
the customer premises equipment.

20. The communications network according to claim 19, wherein point-to-point
protocol (PPP) is used to transmit data from the customer premise equipment to the at least one
service gateway.

21. The communications network according to claim 19, further comprising a
permanent virtual connection between the customer premises equipment and the at least one
service gateway.

22. The communications network according to claim 19, wherein the at least one
service gateway comprises a plurality of gateways located in different geographical regions.

23. The communications network according to claim 22, wherein the plurality of
gateways access different directory servers which are loaded with ATM network addresses
appropriate for each different geographical region, preventing gateways in one region from
launching ATM SVCs to destination [...]

24. The communications network according to claim 19, further comprising a
permanent virtual connection established between the at least one service gateway and the at least
one directory server.

25. The communications network according to claim 19, wherein the at least one fiber
terminating device and the at least one broadband service gateway are integrated into one unit.

26. The communications network according to claim 19, wherein the at least one
service gateway is provided with a database which internally tracks existing ATM SVC
connections.

27. The communications network according to claim 19, further comprising
concurrently established multiple sessions for the subscriber using a plurality of ATM SVC
connections mapped to a plurality of different destinations.

28. The communications network according to claim 19, further comprising sharing
a single ATM SVC connection with a plurality of subscribers such that each subscriber has a
unique session established to the same destination.

29. The communications network according to claim 28, wherein connection sharing
comprises multiplexing each session into a single SVC connection using one of Layer 2
Tunneling Protocol and PPP Tunnel Aggregation.

30. The communications network according to claim 19, wherein the at least one
directory server is provided with a table which correlates ATM network addresses with domain
names.

31. The communications network according to claim 30, wherein the table further
includes a connection sharing protocol for each domain name.

32. The communications network according to claim 30, wherein the table further
indicates whether the session is exclusive for each domain name.

33. The communications network according to claim 19, wherein the at least one
broadband service gateway queries the at least one directory server with a domain name, and the
at least one service gateway receives back a respective ATM network address, and connection
sharing protocol data indicating whether the session is exclusive, for that respective domain
name.

34. The communications network according [...]
terminating device comprises one of a multiplexer and cable television head-end.

35. A computer readable medium storing a computer program that enables broadband
service subscribers to dynamically access, from subscriber customer premises equipment,
broadband service destinations via an ATM network comprising a plurality of ATM switches,
the customer premises equipment being connected to at least one service gateway via at least one
fiber terminating device, the at least one service gateway being connected to at least one directory
server, the computer readable medium comprising:

a source code segment that receives a session request, which identifies a selected one of
the broadband destinations, in the at least one service gateway, wherein the session request is
transmitted over a broadband connection using an internet protocol;

a source code segment that retrieves, using the at least one service gateway, an ATM
network address of the selected broadband destination from the at least one directory server;

a source code segment that launches an SVC over the ATM network from the at least one
service gateway to connect the subscriber to the ATM network address; and

a source code segment that forwards the session request and subsequent packets to the
selected destination to establish a session over the ATM SVC connection.